First published: Thu Mar 14 2019
Openwsman versions up to and including 2.6.9 are vulnerable to an infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request, causing a denial of service on the openwsman server.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Openwsman Project Openwsman | <=2.6.9 | |
Fedoraproject Fedora | =28 | |
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =42.3 | |
CVE-2019-3833 is a vulnerability in Openwsman versions up to and including 2.6.9 that allows an attacker to cause a denial of service by sending specially crafted HTTP requests.
CVE-2019-3833 has a severity score of 7.5, which is considered high.
Openwsman versions up to and including 2.6.9 are affected by CVE-2019-3833.
A remote, unauthenticated attacker can exploit CVE-2019-3833 by sending malicious HTTP requests.
References for CVE-2019-3833 are available at the following links: [http://bugzilla.suse.com/show_bug.cgi?id=1122623](http://bugzilla.suse.com/show_bug.cgi?id=1122623), [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html), [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html).